At an average of one update every two weeks since iOS 7 launched in September 2013, you might view this as a sign that Apple's code quality has gone down, following the argument that more vulnerabilities needing patching must mean worse code.

We often hear this argument trotted out against other software vendors, with a count of known vulnerabilities used as an inverse measure of security.

On the other hand, you might view it as a sign that Apple is becoming more responsive to security issues by pushing out updates quickly, rather than waiting to bundle multiple fixes into a single patch.

Obviously, well-written software without security holes will never need updates, and will therefore rack up zero patches.

But it doesn't work the other way around.

You can't make poorly-written software secure by neglecting, or even refusing, to publish patches for it, so a low patch count can't be used as a quality metric on its own.

And don't forget that exploit-finding is now worth money, sometimes big money, so vulnerability counts are likely to rise, all other things - including software quality - being equal.

A lot of the coverage for the iOS 7.0.4 update has focused on a non-security bug fix in FaceTime, but there's also an officially-listed security patch:

App and In-App purchases may be completed with insufficient authorization.

Description: A signed-in user may be able to complete a transaction without providing a password when prompted. This issue was addressed by additional enforcement of purchase authorization.

As far as we can tell, this flaw doesn't mean that you can buy stuff on someone else's dime without knowing their password.

But it could allow purchases on your device to be approved unexpectedly (or unscrupulously), so it's good to have it fixed.

As mentioned in the article, "jailbreaking" is where you unlock your device to remove Apple's restrictions, notably on what software you can install and where you are allowed to get it from.

Apple doesn't want you to do this, partly for security reasons (you potentially open up your phone to new risks such as malware and hackers) and partly for commercial reasons (iOS is based around the idea that Apple is in control of what you are allowed to run on it, and so you can *only* shop at Apple's "company store" to get new software.)

A vocal minority of users like to jailbreak their devices for the additional freedom it gives them to try new things, make configuration changes Apple won't allow, and use software that isn't limited to playing inside Apple's technical and commercial limitations. And since it's their device, that they've already paid for, the law in most countries, including the US, says they can jailbreak if they want. On the other hand, the law doesn't say Apple has to make it easy :-)

Apple, indeed, does its best to stop people jailbreaking, even though most users probably wouldn't bother anyway, so the jailbreak experts have to find holes in iOS by means of which they can turn off Apple's deliberate limitations.

The infection might not have arrived via an exploit - it might have arrived in email, for instance, or in a download, or via numerous other routes.

It's hard to say without more information whether this was down to a hole left by Apple or some other means. (If not, then waiting for a patch won't help.)

Or it might have entered via an exploit against some non-Apple component, e.g. Java or Flash. Do you have those installed? Are they up-to-date as well?

Lastly, it might not have been an active infection - you didn't say, but if you already had Sophos installed and it kicked in as the malware was trying to activate, then it was probably blocked before it could actually do anything.

On upgrading to iOS 7.0.4 the data have been tampered with. The names of all the contacts have disappeared and where do we get them back from? In all updates should the software designer not take care of the data of the user? If there is a problem then they should give a warning that your data is going to be affected and the same can be saved like this-- the procedure should be a part of the update. Let these software giants not take us as goats. Fools you are working because there are customers who buy from you. You need to care for your customers.

Ashok... Likely the culprit is the iCloud. Even if you think it was not turned on for Contact. Even so, go into settings and turn it on/off or off/on/off and reboot. Your contacts should reappear. This happened to my wife's phone, but not mine, post 7.0 upgrade but not directly following an update, apparently just randomly. Yikes! Anyway, this "fix" worked for her phone.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too.
Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009.
Follow him on Twitter: @duckblog